1. Field of the Invention
The present invention provides both software and data protection for single or multiple microprocessor systems such as local area networks (LANs), wide area networks (WANs), backplane connected processor architecture, etc. More particularly, the present invention provides protection by employing, singly or in combination, obscurant IC coatings, tamper detection and response circuitry, multiple component modules and software code encryption to prevent software from being stolen or altered. Similarly, encryption can be applied to databases and streaming data to provide protection.
2. Description of the Related Art
Commercial processor boards contain several components, with a central processing unit (CPU) as a separate component from volatile and non-volatile memory. Often, the executable code for sets of applications is stored in some device, possibly removable, such as, but not limited to, a floppy disk, hard drive, CDROM, or EPROM. The executable code is easily accessible to unauthorized parties and, if not encrypted, can be easily reconstructed in any of a number of formats that would facilitate unauthorized modification or use. Even when supplied in encrypted form, the need to decrypt the code before sending it to the processor makes it available on accessible connections where it can be collected by appropriate probes in its decrypted form. Thus, even use of key encryption, whether public/private key or some other type, does not stop the pirating, sabotaging or accessing of computer programs that may be proprietary. A parallel argument applies to databases and on-line streamed data. Coating of multi-chip components, for example, multiple custom IC chips on a common substrate, has been proposed to protect knowledge of custom circuitry logic and inter-chip interaction. Although the emerging technology of commercial coatings on individual integrated circuit chips or components can, by obscuration, protect the decrypted program from being read directly by electrical or radiative probing, it does not prevent probing of the inter-component conductor paths over which data and code are transferred. This information can easily be read by probing between components.
Thus, nothing has been done to protect computer programs and data passing between components in processors, whether custom or general-purpose commercial processors such as those used in personal computers and workstations.
It is an object of the present invention to prevent software, databases and streamed data in processors from being stolen, sabotaged or accessed.
It is a further object of the present invention to protect the software or database not only during transport but also during downloading into a processor or processor network and during execution and storage of the code or database within the host system.
It is another object of the present invention to provide protection with no slowdown in processing system performance when it is used to protect software and databases.
It is yet another object of the present invention to use obscurant coatings and tamper detection and response circuitry, singly or in combination, multiple component modules and software code and data encryption in a manner to protect software and data passing between components.
It is yet another object of the present invention to provide a non-standard processor circuit board with respect to its architecture and component arrangement as compared to related art.
It is a further object of the present invention to provide a processor circuit board capable of interacting in standard fashion with other standard processor boards and components over back-plane busses, LANs, WANs and other interconnection methods.
These objects are achieved by providing a novel form of a general-purpose processor/computer having at least three integrated circuit (IC) components mounted on a single substrate as a multi-component module (MCM) including a CPU, one or more memory chips and one or more custom chips containing at least one each of a de-encryption key and algorithm for converting an encrypted computer program as it is received over a bus from a non-volatile memory. Further, an obscurant coating can be used to cover the chips, interconnection circuits and other elements within the multi-component module. The obscurant coating can be used alone or in combination with tamper detection and response circuitry, or the tamper detection and response circuitry may be used alone. The multi-component chip module can be provided in a bus configuration with other multi-component chip modules and one or more memory chips.
Alternatively, the de-encryption may be built into the CPU chip, or a computer program operating in the CPU could perform the de-encryption.
A method for protecting a processor system from tampering is also provided by mounting IC components on a single substrate as a multi-component chip module, converting an encrypted computer program, encrypted code or encrypted data into its original unencrypted form, sending the de-encrypted computer program, code or data to appropriate locations in memory located in the multi-component chip module, protecting these memory locations from external access, and protecting the multi-component chip module using one or a combination of obscurant, deceptive patterns and tamper detection/destruction mechanisms.
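The method above, modelled in software as an added example that is not part of the patent: an external bus whose traffic a probe can record, a module that de-encrypts into its own memory, and a tamper response that zeroises key and memory. The class names, the key, the sample program and the SHA-256 keystream cipher are assumptions made for illustration; the page names no algorithm.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); applying it twice decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class ExternalBus:
    """Conductors outside the module: every transfer is visible to a probe."""
    def __init__(self, nonvolatile: bytes):
        self.nonvolatile = nonvolatile      # encrypted program in storage
        self.probe_log = []                 # what a bus probe would capture

    def read(self) -> bytes:
        self.probe_log.append(self.nonvolatile)
        return self.nonvolatile

class MultiComponentModule:
    """Hypothetical model of CPU, memory and key chip on one protected substrate."""
    def __init__(self, key: bytes):
        self._key = bytearray(key)          # held only inside the module
        self._memory = bytearray()          # not reachable from the external bus
        self.tampered = False

    def load(self, bus: ExternalBus) -> None:
        if self.tampered:
            raise RuntimeError("module disabled by tamper response")
        self._memory = bytearray(keystream_xor(bytes(self._key), bus.read()))

    def execute(self) -> str:
        return bytes(self._memory).decode()  # stands in for running the code

    def tamper_event(self) -> None:
        """Tamper response: overwrite key and de-encrypted memory with zeros."""
        for buf in (self._key, self._memory):
            buf[:] = bytes(len(buf))
        self.tampered = True

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    program = b"LOAD R1; ADD R1,R2; STORE R1 (constructed sample program)"
    bus = ExternalBus(keystream_xor(key, program))
    mcm = MultiComponentModule(key)
    mcm.load(bus)
    ran = mcm.execute()
    leaked = any(program in seen for seen in bus.probe_log)
    mcm.tamper_event()
    return ran, leaked, bytes(mcm._key), bytes(mcm._memory), mcm
```
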
These objects, together with other objects and advantages which will be subsequently apparent, reside in the details of construction and operation as more fully described and claimed hereinafter, reference being had to the accompanying drawings forming a part hereof, wherein like reference numerals refer to like parts throughout.